[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] holes in linux kernel < 2.4.20?

> Hi!
> As in the ssh case nothing exactly is been said on the vulnerability of
> the kernel.
> Do you have some information about the exact problem?
> I hate it getting news there is a security problem and don't know what
> it's about.
> What so secret about writing something about the case (not sending the
> vulnerability itself)?

Alan Cox says that providing details about security holes is illegel in
the US due to the DMCA laws. He may be right, while I do not want to
comment on this law.

SuSE is a German company. We _can_ provide details about security
problems. If we know them. :-|

Right now it looks like the RedHat update addresses vulnerabilities in
drivers for hardware, and it can be assumed that these bugs are DoS type
attack scenarios (your box Oopses or panics).

> The same was with ssh so I can't validate, if it's a real problem!

I see it the same way.

> Philippe


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here